4 Apr
2022
4 Apr
'22
7:28 a.m.
On Apr 4, 2022, at 10:20 AM, Jules Richardson via
cctalk <cctalk at classiccmp.org> wrote:
On 4/3/22 10:51, Eric J. Korpela via cctalk wrote:
There's a research group in, I think, UCSD which studies that question. From what I
recall, in modern hard disk drives with microscopic tracks and not a whole lot of margin
anywhere, one overwrite is plenty good. The legendary multiple erase schemes are mostly
rumors -- I looked long and hard for the supposed government standards that specify these
and found they don't seem to exist -- and no longer useful.
SSDs are a different story entirely because there you don't write over the actual
data; instead a write updates internal metadata saying where the most recent version of
block number xyz lives. So, given that you tend to have a fair amount (10 or 20 percent
if not more) of "spare space" in the SSD, previous data are likely to be hanging
around. I suspect if you write long enough you could traverse all that, but how to do
that depends on the internals of the firmware. That's likely to be confidential and
may not even be reliably known.
There are SSD SEDs. If designed correctly those would give you cryptographically strong
security and "instant erase". Not all disk designers know how to do these
designs correctly. If I needed an SED (of any kind) I'd insist on a detailed
disclosure of its keying and key management. Prying that out of manyfacturers is hard.
I've done it, but it may be that my employer's name and unit volume was a factor.
paul
drive removed and destroyed for privacy reason.
For those in the know, how much success - assuming a "money is no object"
approach - do data recovery companies have in retrieving data from drives that have a)
been overwritten with zeros using dd or similar, and b) been overwritten with random data
via a more comprehensive tool?